Christophe Feltus, Elio Goettelmann, Eric Grandry, Jocelyn Aubert, Nicolas Mayer, Roel Wieringa
Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, especially in a multi-regulation context with complex and interconnected IS. We claim that a connection with enterprise architecture management (EAM) helps address these issues. A first step towards a better integration of both domains is to define an integrated EAM-ISSRM conceptual model. This paper is about the elaboration and validation of this model. To do so, we extend an existing ISSRM domain model, i.e. a conceptual model depicting the domain of ISSRM, with the concepts of EAM. The validation of the integrated EAM-ISSRM model is then performed with the help of a validation group assessing the utility and usability of the model.
DOI: 10.1007/s10270-018-0661-x
Year published: 2018
Open Access Link: http://www.nmayer.eu/publis/Mayer%20et%20al.%20-%20SoSyM18.pdf
URL: https://link.springer.com/article/10.1007/s10270-018-0661-x